mirror of
https://github.com/darkrenaissance/darkfi.git
synced 2026-01-10 07:08:05 -05:00
121 lines
2.9 KiB
Plaintext
121 lines
2.9 KiB
Plaintext
# :set syntax=sapvi
|
|
# :source ../scripts/sapvi.vim
|
|
const:
|
|
G_VCV: SubgroupPoint
|
|
G_VCR: SubgroupPoint
|
|
G_SPEND: SubgroupPoint
|
|
G_PROOF: SubgroupPoint
|
|
G_NOTE_COMMIT_R: SubgroupPoint
|
|
G_NULL: SubgroupPoint
|
|
|
|
CRH_IVK: Blake2sPersonalization
|
|
NOTE_COMMIT: PedersenPersonalization
|
|
MERKLE: list<PedersenPersonalization>
|
|
PRF_NF: Blake2sPersonalization
|
|
|
|
contract input_spend(
|
|
value: U64 -> BinaryNumber
|
|
randomness: Fr -> BinaryNumber
|
|
ak: Point
|
|
ar: Fr -> BinaryNumber
|
|
nsk: Fr -> BinaryNumber
|
|
g_d: Point
|
|
commitment_randomness: Fr -> BinaryNumber
|
|
auth_path: [(Scalar, Bool)]
|
|
anchor: Scalar
|
|
) -> (Point, Point, Scalar, BinaryNumber):
|
|
let rk: Point = ak + ar * G_SPEND
|
|
emit rk
|
|
|
|
let nk: Point = nsk * G_PROOF
|
|
|
|
let mut ivk_preimage: BinaryNumber = []
|
|
ivk_preimage.put(ak)
|
|
|
|
let mut nf_preimage: BinaryNumber = []
|
|
|
|
ivk_preimage.put(nk)
|
|
nf_preimage.put(nk)
|
|
|
|
assert ivk_preimage.len() == 512
|
|
assert nf_preimage.len() == 256
|
|
|
|
let mut ivk = blake2s(ivk_preimage, CRH_IVK)
|
|
ivk.truncate(JUBJUB_FR_CAPACITY)
|
|
# This will error if ivk.len() != 256
|
|
#let ivk: Fr = ivk as Fr
|
|
let pk_d: Point = ivk * g_d
|
|
|
|
let cv: Point = value * G_VCV + rcv * G_VCR
|
|
emit cv
|
|
|
|
let mut note_contents: BinaryNumber = []
|
|
note_contents.put(value)
|
|
note_contents.put(g_d)
|
|
note_contents.put(p_k)
|
|
assert note_contents.len() == 64 + 256 + 256
|
|
|
|
let mut cm = pedersen_hash(note_contents, NOTE_COMMIT)
|
|
cm += commitment_randomness * G_NOTE_COMMIT_R
|
|
|
|
let mut position = []
|
|
let mut cur: Scalar = cm.u
|
|
|
|
for i in range(auth_path.size()):
|
|
let (node: Scalar, is_right: Bool) = auth_path[i]
|
|
|
|
position.push(is_right)
|
|
|
|
# Scalar -> AllocatedNum
|
|
let (left: Scalar, right: Scalar) = swap_if(is_right, cur, node)
|
|
|
|
let mut preimage: BinaryNumber = []
|
|
preimage.put(left)
|
|
preimage.put(right)
|
|
|
|
cur = pedersen_hash(MERKLE_TREE[i], preimage).u
|
|
|
|
enforce cur == rt
|
|
emit rt
|
|
|
|
let rho: Point = rho + position * G_NULL
|
|
|
|
nf_preimage.put(rho)
|
|
assert nf_preimage.len() == 512
|
|
|
|
let nf: BinaryNumber = blake2s(nf_preimage, PRF_NF)
|
|
emit nf
|
|
|
|
contract output_mint(
|
|
value: U64 -> BinaryNumber
|
|
randomness: Fr -> BinaryNumber
|
|
g_d: Point
|
|
esk: Fr -> BinaryNumber
|
|
pk_d: Point
|
|
commitment_randomness: Fr -> BinaryNumber
|
|
) -> (Point, Point, Scalar):
|
|
let cv: Point = value * G_VCV + rcv * G_VCR
|
|
emit cv
|
|
|
|
let mut note_contents: Binary = []
|
|
note_contents.put(value)
|
|
|
|
let epk: Point = esk * g_d
|
|
emit epk
|
|
|
|
let v_contents: Scalar = pk_d.v
|
|
let sign_bit: Bool = pk_d.u.is_odd()
|
|
|
|
note_contents.put(v_contents)
|
|
note_contents.put(sign_bit)
|
|
|
|
assert len(note_contents) == 64 + 256 + 256
|
|
|
|
let mut cm: Point = pedersen_hash(note_contents, NOTE_COMMIT)
|
|
let rcm: Point = commitment_randomness * G_NOTE_COMMIT_R
|
|
cm += rcm
|
|
|
|
let cmu: Scalar = cm.u
|
|
emit cmu
|
|
|